Virtual Machines (VMs) & Containers – How are they different?
In today’s cloud-native digital ecosystem, containerization is considered the best way to develop and deploy applications. Containerization helps teams develop software quickly, deploy it efficiently, and operate it at an unprecedented scale. It is worth first understanding what virtualization really is, and then looking closely at how these two virtualization technologies differ.
What is Virtualization?
Virtualization is the process of simulating hardware to create multiple virtual computing instances. This helps run multiple operating systems on a single server hardware, virtualizing the system resources like RAM, CPU, Disk, or Network. Those instances could be a computer in the traditional sense or a storage repository, application, server, or networking configuration.
Virtual machines & containers are the two most sought-after resource virtualization technologies. The key difference between containers and virtual machines is that virtual machines virtualize an entire machine down to the hardware layers, and containers only virtualize software layers above the operating system level.
Virtual Machines
Let us first look at VMs. A hypervisor is a program that creates, runs & manages virtual machines (VMs). The hypervisor virtualizes both the hardware (which may include the virtual disk, virtual network interface, virtual CPU, and more) and the kernel (the guest kernel). A kernel is the part of the OS that communicates with hardware such as the CPU, network card, memory, etc. Hypervisors come in 2 different types:
Type 1 hypervisors run directly on the hardware (bare metal) and virtualize it; Type 2 hypervisors run on top of a host OS.
The hypervisor creates pools of abstracted hardware resources dedicated to the VMs. It can also stop and start virtual machines when the user requests. Essentially, the underlying hardware is partitioned, and each partition runs as a separate, isolated Virtual Machine – with its own Operating System. Guest machines (VMs) are not allowed to access the host hardware and its resources directly; the host Operating System mediates their calls to the CPU, memory, network resources, and storage.
VMs have the advantage that a security breach in one VM does not spread to the other VMs on the shared host machine, since each runs as a separate, isolated entity. A natural advantage of VMs is that they reduce space, energy, and maintenance requirements. But virtual machines are time-consuming to build and regenerate because each one encompasses a full stack system. Each VM is completely isolated from the host operating system and hence needs its own OS. It also consumes a noticeable amount of system resources to run a copy of an OS and a virtual copy of all the hardware.
Popular VM providers:
Virtual machines are most suitable for running applications that depend on the full set of an OS’s system resources. VMs are a natural choice for monolithic applications, but they are not a good fit for applications built from microservices.
Containers
On the other hand, instead of virtualizing the underlying hardware, containers virtualize the operating system (typically Linux or Windows). Hence, each container contains only the application and its libraries and dependencies. Containers are lightweight, only megabytes in size, take just seconds to start, and are easy to manage. Containers can run on a desktop computer, on-premises IT infrastructure, or in the cloud.
Containers on Linux
Containers are built on top of namespaces and cgroups in Linux. A widely used container management platform is Docker. Namespaces provide the isolated workspace called the container: when you run a container, Docker creates a set of namespaces for that container. Cgroups group processes together under a common set of resource controls.
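Because namespace and cgroup membership is what actually separates a container from the host, a defender can read it back from /proc to check whether a process is containerized and which namespaces it shares with the host. The following is an added example, not code from the article or from Docker; it assumes the standard Linux /proc layout (ns symlinks reading like `pid:[4026531836]`, and `hierarchy:controllers:path` lines in /proc/<pid>/cgroup) and uses constructed sample data so it runs offline.

```python
"""Inspect Linux namespace and cgroup membership of processes (added example)."""
import os
import re

NS_KINDS = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# Cgroup path fragments that common container runtimes create (assumed patterns).
CONTAINER_PATTERNS = re.compile(r"/(docker|containerd|kubepods|lxc|libpod)[/-]")


def ns_ids(pid="self"):
    """Return {namespace: 'kind:[inode]'} for a live process by reading its ns symlinks."""
    ids = {}
    for name in NS_KINDS:
        try:
            ids[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:  # not Linux, no such pid, or no permission
            pass
    return ids


def shared_namespaces(a, b):
    """Namespaces two processes share: an equal inode means the same isolation domain."""
    return sorted(k for k in a if k in b and a[k] == b[k])


def container_id_from_cgroup(text):
    """Parse /proc/<pid>/cgroup text; return (runtime, id) or None for a host process."""
    for line in text.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        match = CONTAINER_PATTERNS.search(parts[2])
        if match:
            tail = parts[2].rstrip("/").rsplit("/", 1)[-1]  # e.g. 'docker-<id>.scope'
            ident = re.search(r"[0-9a-f]{12,64}", tail)
            return match.group(1), ident.group(0) if ident else tail
    return None


# Constructed sample data (not captured from a real system).
SAMPLE_ID = "0123456789abcdef" * 4
HOST_CGROUP = "12:pids:/user.slice/user-1000.slice/session-2.scope\n"
DOCKER_CGROUP_V1 = f"12:pids:/docker/{SAMPLE_ID}\n"
DOCKER_CGROUP_V2 = f"0::/system.slice/docker-{SAMPLE_ID}.scope\n"
HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531840]", "mnt": "mnt:[4026531841]"}
HOSTNET_NS = {"pid": "pid:[4026532201]", "net": "net:[4026531840]", "mnt": "mnt:[4026532203]"}

if __name__ == "__main__":
    print("this process:", ns_ids("self"), container_id_from_cgroup(DOCKER_CGROUP_V2))
```

A container started with host networking shows up exactly as `HOSTNET_NS` does above: its own pid and mnt namespaces but the host's net namespace, which is the kind of sharing worth flagging in a review.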
Containers on Windows
Once containers became increasingly popular, Microsoft came up with a solution for containers on Windows, which operate differently. Unlike containers on Linux, Windows Containers on Windows (WCOW) can run in 3 different isolation modes:
1. Process (Server Silo)
In this default mode, the process runs against the same kernel as the host but has an isolated view of system resources.
2. Hyper-V
Runs the process inside a lightweight, stateless, and immutable Hyper-V Windows guest VM, which has a separate kernel.
3. Host Process
Similar to “Process” isolation, except that containers run directly on the host and can be created in the host’s network namespace instead of their own.
Popular Container providers:
In summary, containers provide a way to virtualize an OS so that multiple workloads can run on a single OS instance. They leverage features of the host operating system to isolate processes and to control the processes’ access to CPUs, memory, and disk space. Containers are also ideal for automation and DevOps pipelines, especially continuous integration and continuous deployment (CI/CD) implementations.
With all their advantages, containers pose a challenge when many of them have to be deployed, monitored, and maintained securely. This is where container orchestration tools come into play; Kubernetes is a widely used open-source platform for container orchestration. Containers are suitable for microservices applications that are scalable and portable. Containers are also ideal for multi-cloud applications because of their consistency across environments.